2. DATA COLLECTION
We collect your personal data when you use the services offered on our website as well as our digital platform, including the following:
- Sign-up information: When you register to use the services offered on our digital platform, we will collect personal data that is necessary to onboard you such as your name, date of birth, email address, mobile phone number, and debit card details. We may require you to provide additional personal details as you use our services.
- Transaction information: When you use our digital platform to perform mobile money activities (such as send and receive money, make purchases from merchants, pay bills, deposit & withdraw cash, etc), we collect information about the transaction as well as other information associated with the transaction such as amount sent or received, the amount paid for products or services, merchant information, including information about your device and geolocation.
- Participant Personal Data: When you use our services, we collect personal data about the other participants associated with the transaction. We collect personal data such as name and financial account information about the participant who is receiving money from you or sending money to you.
- Information from other sources: We may collect information from other sources, such as our social media platforms when you reach out to us to lodge a complaint about our services. However, we will only ask for the information required to help us be of service to you.
- Other information we collect related to your use of our website or Services: We may collect additional information from or about you when you communicate with us or contact our customer support teams.
- When you apply for a job with us: We may request Personal Data about your education, employment, and state of health. As part of your application, you will be asked to provide your express consent to our use of this information to assess your application and any monitoring activities which may be required of us under applicable laws as an employer.
We may also carry out screening checks (including reference, background, and criminal record checks).
We may exchange your Personal Data with academic institutions, recruiters, health maintenance organizations, law enforcement agencies, referees, and your previous employers.
Our digital platform is not intended for use by minors under the age of eighteen (18) years. NOWNOW does not knowingly collect, or disclose the personal data of minors under 18 years of age. If you are under 18 years old, please do not provide any personal data even if prompted to do so. If you believe that you have inadvertently provided personal data, please ask your parent(s) or legal guardian(s) to notify us and we will delete your personal data.
4. PURPOSES FOR WHICH WE PROCESS DATA
We collect your personal data to provide you with an efficient and secure customer experience. We process your information to:
a) Provide services such as:
- a) Provide services such as:
- Authenticate your access to an account.
- Communicate with you about your account.
b) Resolve disputes and troubleshoot problems.
c) Comply with our obligations and to enforce the terms of our sites and services, including complying with all applicable laws and regulations.
d) Manage risk, fraud, and abuse of our services and you from fraud by verifying your identity.
e) With your consent:
- Market NOWNOW products and services to you.
f) Trail information breach and remediate such identified breaches.
We will not send unsolicited marketing communications to you by SMS or email if you have not opted in to receive them. Additionally, you can withdraw your consent at any time and free of charge.
5. DATA RETENTION
Our policy is to retain personal data only for as long as it is needed for the purposes described in the section “Purposes for which we process personal data”.
We retain Personal Data in an identifiable format for at least seven (7) years for our business purposes and to fulfil our legal or regulatory obligations. We may retain Personal Data for longer periods if it is in our legitimate business interests and required to comply with applicable laws.
6. SHARING OF PERSONAL DATA
We transfer or disclose the personal data we collect to external support providers who are engaged by us to support our internal ancillary processes such as:
a) Companies that provide services to us: We may share personal data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example verify your identity, assist in processing transactions, or provide customer support.
b) Financial institutions: We may share personal data with other financial institutions that we have partnered with to only offer NOWNOW-related services unless you have given consent for other uses. We may also share personal data to process transactions and keep your financial information up to date.
c) Other parties to transactions when you use the services, such as other users and their service providers: This includes other users you are sending or receiving funds from and their service providers. The information might include:
- Personal data and account information necessary to facilitate the transaction.
- Personal data to help other participants(s) resolve disputes and detect/prevent fraud.
d) Other third parties: We may share information about you with other parties for NOWNOW’s business purposes or as permitted or required by law, including:
- If we need to do so to comply with a law, legal process or regulations.
- To law enforcement authorities or other government officials, or other third parties pursuant to a court order or other legal process or requirement applicable to NOWNOW’s corporate family.
- If we believe, in our sole discretion that the disclosure of personal data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
- To protect the vital interests of a person.
- With credit agencies and data processors for credit reference checks and anti-fraud and compliance purposes.
- To investigate violations of or enforce a user agreement or other legal terms applicable to any service.
- To protect our property, services and legal rights.
- To facilitate a purchase or sale of all or part of NOWNOW’s business.
- To companies that we plan to merge with or be acquired by; and
- To support our audit, compliance, and corporate governance functions.
e) We will also share your personal data and other information with your consent or direction.
8. RIGHTS OF DATA SUBJECTS
Requests to Access, Rectify or Erase.
a) Access Request
You have the right to ask us whether we hold any Personal Data relating to you and, if we do, to be provided with a copy of that Personal Data in electronic form, unless you want to receive it in another way (for example, a paper copy). In addition, you can ask us for information on how we use your Personal Data, who we share it with, how long we keep it, where it is stored, and other information to help you understand how we use it.
a) Access Request
You have the right to ask us to correct your Personal Data (including by means of providing a supplementary statement) if it is inaccurate and to have incomplete Personal Data updated without undue delay.
c) Erasure Request
You have the right to ask us to erase your Personal Data if:
- Your Personal Data are no longer necessary for the purpose(s) they were collected for.
Your Personal Data have been unlawfully processed.
- Your Personal Data must be erased to comply with a regulation.
- You withdraw your consent for the processing of the Personal Data (and if this is the only basis on which we are processing your Personal Data).
- You object to processing that is based on our legitimate interests, provided there are no overriding legitimate grounds for continued processing, or
- You object to processing for direct marketing purposes.
If we have made the Personal Data concerned public, we will also take reasonable steps to inform other data controllers processing the data so they can seek to erase links to or copies of your Personal Data. We may refuse to act on your request to erase your Personal Data if the processing of your Personal Data is necessary:
- To exercise our right of freedom of expression and information.
- To comply with the NDPR and relevant Nigerian laws.
- For the performance of a task carried out in the public interest or to exercise official authority vested in us.
- To establish, exercise or defend legal claims.
In these cases, we can restrict the processing instead of erasing your Personal Data if requested to do so by you.
d) Request to Object
You have the right to object at any time to the processing of your Personal Data if we process it based on our legitimate interests. This includes any so-called “profiling”. Our privacy notice informs you when we rely on legitimate interests to process your Personal Data. In these cases, we will stop processing your Personal Data unless we can demonstrate compelling legitimate reasons for continuing the processing. We may reject your request if the processing of your Personal Data is needed to establish, exercise or defend legal claims. You have the right to object at any time if we process your Personal Data for direct marketing purposes. You may also object at any time to profiling supporting our direct marketing. In such cases, we will stop processing your Personal Data when we receive your objection.
e) Request to Restrict
You have the right to ask us to restrict the processing of your Personal Data if:
- You contest the accuracy of your Personal Data and we are in the process of verifying the Personal Data we hold.
- The processing is unlawful, and you do not want us to erase your Personal Data.
- We no longer need your Personal Data for the original purpose(s) of processing, but you need them to establish, exercise or defend legal claims and you do not want us to delete the Personal Data as a result, or
- You have objected to processing carried out because of our legitimate interests while we verify if our legitimate grounds override yours.
If processing is restricted, we may process your Personal Data (excepting for storage purposes), only:
- If you have given us your consent.
- For establishing, exercising, or defending legal claims.
- For protecting the rights of another natural or legal person, or
- For reasons of important public interest as defined under the NDPR and relevant Nigerian laws.
Once processing is restricted following your request, we will inform you before we lift the restriction.
f) Request for Portability
If our processing is performed by computer and is necessary to fulfil a contract with you, or is based on your consent, you have the right to:
- Receive any Personal Data you have provided to us in a structured, commonly used and machine-readable electronic format.
- Send your Personal Data to another organization or have us do so for you if it is technically feasible for us to do so.
If your request relates to a set of Personal Data that also concerns other individuals, the fact that you request that we port this data as described above does not preclude those individuals from exercising their own rights regarding their Personal Data.
Even if you request the portability of your Personal Data, you retain your right to also request their erasure.
f) Request for Portability
Generally, you have the right to object to any decision producing a legal effect concerning you or which otherwise significantly affects you if this is based solely on the automated processing of your Personal Data. This includes automated decisions based on profiling.
We may refuse your request if the decision in question is:
- Necessary to enter into a contract with you, or for the performance of your contract with us.
- Permitted by regulations, or
- Based on your explicit consent.
We will only make decisions relying solely on automated processing that involve your sensitive Personal Data if you have given your explicit consent or the processing is necessary for reasons of substantial public interest, based on the NDPR and relevant laws.
9. HOW WE PROTECT YOUR DATA
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our premises, CCTV cameras for public safety and quality control as well as information access authorisation controls.
While we are dedicated to securing our systems and services, you are responsible for securing and maintaining the privacy of your password(s) and account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current.
We will inform you of any breaches which may affect your Personal Data.
10. REMEDIES FOR VIOLATION
In the event of violation of this policy, our Data Protection Officer shall within 7 days redress the violation. Where the violation pertains to the disclosure of your Personal Data without your consent, such information shall be retracted immediately, and confirmation of the retraction sent to the you within 48 hours of the redress.
11. GOVERNING LAW
13. CONTACT US
I have read all the terms and conditions within this Notice and hereby agree to the use of my personal data for the above-mentioned purposes.
NOWNOW DIGITAL SYSTEMS LIMITED
Ilupeju, Lagos, Nigeria